- factor out checking for "own" organisation
- adding OCSP EKU to Simple Signer
- adding check for certificate "ocsp"-requirement
- allow Profile-Ids to be non-consecutive
resp.sendError(500, "Error, invalid cert");
return;
}
resp.sendError(500, "Error, invalid cert");
return;
}
- if ( !"CAcert".equals(((Organisation) u).getName())) {
+ if ( !((Organisation) u).isSelfOrganisation()) {
resp.sendError(500, "Error, invalid cert");
return;
resp.sendError(500, "Error, invalid cert");
return;
if ( !actor.isInGroup(Group.CODESIGNING)) {
return false;
}
if ( !actor.isInGroup(Group.CODESIGNING)) {
return false;
}
+ } else if (s.equals("ocsp")) {
+ if ( !(owner instanceof Organisation)) {
+ return false;
+ }
+ Organisation o = (Organisation) owner;
+ if ( !o.isSelfOrganisation()) {
+ return false;
+ }
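Review bot: The new `ocsp` branch checks only the owner and never the actor, unlike the `Group.CODESIGNING` test just above it, so as far as this hunk shows, any account allowed to act for the self-organisation satisfies the requirement. A certificate carrying the OCSP signing EKU from the issuing CA is accepted as a delegated responder for that CA's revocation status, so it deserves an actor-side gate as well. One option is a test of the same form, `if ( !actor.isInGroup(...)) { return false; }`, using a group reserved for this purpose. The enclosing method starts and ends outside the hunk, so an actor check elsewhere may already cover this.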
public boolean isValidEmail(String email) {
return isValidDomain(email.split("@", 2)[1]);
}
public boolean isValidEmail(String email) {
return isValidDomain(email.split("@", 2)[1]);
}
+
+ public boolean isSelfOrganisation() {
+ return "CAcert".equals(getName());
+ }
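Review bot: `isSelfOrganisation()` decides a privileged identity by comparing the organisation name to the literal `"CAcert"`, and after this commit that result gates both the servlet check and the `ocsp` profile requirement. If organisation names are not enforced unique or can be edited (neither is visible here), a second organisation with that name would pass, so comparing against a configured organisation id would be sturdier. At minimum the method should carry a Javadoc such as `/** Returns true iff this is the CA's own organisation; matched by name, which must therefore be unique and immutable. */`.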
vars2.put("hashs", new HashAlgorithms(cr.getSelectedDigest()));
vars2.put("profiles", new IterableDataset() {
vars2.put("hashs", new HashAlgorithms(cr.getSelectedDigest()));
vars2.put("profiles", new IterableDataset() {
+ CertificateProfile[] cps = CertificateProfile.getAll();
+
+ int i = 0;
@Override
public boolean next(Language l, Map<String, Object> vars) {
CertificateProfile cp;
do {
@Override
public boolean next(Language l, Map<String, Object> vars) {
CertificateProfile cp;
do {
- cp = CertificateProfile.getById(i++);
- if (cp == null) {
} while ( !cp.canBeIssuedBy(c.getTarget(), c.getActor()));
if (cp.getId() == cr.getProfile().getId()) {
} while ( !cp.canBeIssuedBy(c.getTarget(), c.getActor()));
if (cp.getId() == cr.getProfile().getId()) {
case "emailProtection":
oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.4");
break;
case "emailProtection":
oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.4");
break;
+ case "OCSPSigning":
+ oid = new ObjectIdentifier("1.3.6.1.5.5.7.3.9");
+ break;
default:
throw new Error(name);
default:
throw new Error(name);